Need help Convert Cisco IOS command to HP H3C command

[jchen522]

I need to convert Cisco IOS command to HP H3C command for switches. What is the best way or filter to do this? Can you give an example?
For Example, I need to convert a command such as these
Example1:

permit udp any 10.104.1.0 0.0.0.255 eq bootps
to
rule permit udp source any destination 10.104.1.0 0.0.0.255 destination-port eq bootps

Example2:

permit udp 10.10.0.0 0.0.255.255 10.104.1.0 0.0.0.255 eq tftp
to
rule permit udp source 10.10.0.0 0.0.255.255 destination 10.104.1.0 0.0.0.255 destination-port eq tftp

Each command has various syntax.

Thank you!

[DataMystic Support]

Ok, using an EasyPattern search/replace, use
permit udp any [ capture( IPAddress ) as 'ip1' ] [ capture( IPAddress ) as 'ip2' ] eq bootps

Replace with:
rule permit udp source any destination @ip1@ @ip2@ destination-port eq bootps

That should get you started!

[jchen522]

That is very helpful! Thank you!

How do I blank the whole line if it detects a certain keyword? I don't want to delete that line but simply blank out the whole line.
This way when I do error checking comparing the two window with synchronzing scrolling it matches line by line correctly.

[DataMystic Support]

You could use an EasyPattern

[ longest 0+ not cr or lf ]keyword[ longest 0+ not cr or lf ]

Replace with nothing. This keeps the end of line character

[jchen522]

Thank you! That works!

Now I have a dilemma. I have built a quite few filters using the search and replace in lines matching a pattern filter and learning how EasyPatterns works. However, it is getting a little too complex. Some of them are very similar and just various by few keywords. I need guidance on how to best to approach this so it is easy to expand later.

The situation that I run into right now are

1. How to handle optional parameters? I can use the EasyPattern keyword 'optional' to detect but how do I get replace to only output when needed. Sometimes those optional keywords needs to be replaced with other words. For example above, 'time-exceeded' needs to be replaced with 'ttl-exceeded'. Protocol name
2. The 'source' and 'destination' parameters can be 'ip address', the keyword 'any', or keyword 'host' follow by ip address. If it is host, it equivalent translation is an ip address follow by 0. The keyword source and destination would also need to be added (See example above)

I have simplified the syntax to make it easier.

Here is a syntax of a Cisco IOS access command
{deny | permit} {tcp | udp | icmp | ip | esp | ahp}
source source-wildcard [operator [port]] destination destination-wildcard
[operator [port]] [established] [fragments]

Some Cisco IOS example
permit udp host 10.210.1.252 host 224.0.0.2 eq 1985
deny icmp any any fragments
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any packet-too-big
permit icmp any any time-exceeded
permit tcp any 10.2.0.0 0.0.255.255 gt 1023 established
permit udp any 10.2.0.0 0.0.255.255 gt 1022
deny ip any any

HP H3C equivalent example
rule permit udp source 10.210.1.252 0 destination 224.0.0.2 0 destination-port eq 1985
rule deny icmp source any destination any fragment
rule permit icmp source any destination any icmp-type echo
rule permit icmp source any destination any icmp-type echo-reply
rule permit icmp source any destination any icmp-type fragmentneed-DFSet
rule permit icmp source any destination any icmp-type ttl-exceeded
rule permit tcp source any destination 10.2.0.0 0.0.255.255 destination-port gt 1023 established
rule permit udp source any destination 10.2.0.0 0.0.255.255 destination-port gt 1022
rule deny ip source any destination any

Some examples of easypattern I have done so far

[capture('permit' or 'deny') as 'verb1'
][1 or more space][capture('icmp' or 'tcp' or 'udp' or 'ip') as 'item1'
] any [capture('gt' or 'eq') as 'sc1'] [capture(1 or more letters or dash or numbers) as 'sp1'
] any [capture('gt' or 'eq') as 'dc1'] [capture(1 or more letters or dash or numbers) as 'dp1']

rule @verb1@ @item1@ source any source-port @sc1@ @sp1@ destination any destination-port @dc1@ @dp1@

[capture('permit' or 'deny') as 'verb1'][
][1 or more space][capture('icmp' or 'tcp' or 'udp' or 'ip') as 'protocol1'][
] any[
][optional 0 or more space][optional capture('gt' or 'eq') as 'so1'][
][optional 0 or more space][optional capture(1 or more letters or dash or numbers) as 'sp1'][
] any[
][optional 0 or more space][optional capture('gt' or 'eq') as 'do1'][
][optional 0 or more space][optional capture(1 or more letters or dash or numbers) as 'dp1'][
]

[capture('permit' or 'deny') as 'text1'][1 or more space
][capture('icmp' or 'tcp' or 'udp' or 'ip') as 'text2'
] [capture(IPAddress) as 'ip1'] [capture(IPAddress) as 'ip2'
] [capture('gt' or 'eq') as 'text3'] [capture(1 or more letters or dash or numbers) as 'text4'
] any [capture('gt' or 'eq') as 'text5'] [capture(1 or more letters or dash or numbers) as 'text6']

[dfhtextpipe]

How to handle optional parameters?

Learn how to use Restrict filters, with Replace filters as subfilters to the Restrict filter.

This is one of the major features of TextPipe that makes it so powerful.

David

[jchen522]

I am currently using Restrict and Replace filters from the wizard. However, all my restrict filters are exactly the same with Replace filters different!
I am thinking about trying various things by filter the syntax into various components.

How do I match the longest match with optional parameters?

For example

permit icmp tcp any 102.0.0 0.0.255.255 gt 1023 established
"gt 1023" are optional parameters

Instead of matching just

102.0.0.0 0.0.255.255

I want it to match the longest optional first

102.0.0.0 0.0.255.255 gt 1023

using the same pattern. Is that possible?

Am I doing this correctly? Any other ways of doing this?

[DataMystic Support]

Use EasyPattern:

[ipaddress] [ipaddress] [longest optional('gt 1023') ]

or similar - presumably 1023 is a '1+ digits'